Hyperconnection is here, connected objects are multiplying and artificial intelligence is moving forward. Cybersecurity is no longer "just" about securing information networks and systems. It now involves the resilience of societies and how a society functions when it takes a systemic hit. Since it is impossible to do away with risks completely, the goal is to ensure that essential operations remain up and running in a crisis situation. To enable ourselves to "ride the waves," to paraphrase French neuropsychiatrist Boris Cyrulnik, we must not limit ourselves to improving our capabilities in terms of "rectifying" or "recovering." We must design and implement devices more capable of withstanding any blows they might be dealt, by their very design. Is this a matter of fantasy or reality? Operational resilience must be taken beyond theory and put into practice through specific human, technological and organisational efforts. How can human factors and "user" risk be managed? How can cyber risks best be incorporated into business continuity plans? Will the development of artificial intelligence lead to the design of self-adaptive systems able to automatically reset when they undergo attacks and become "smarter" of their own accord?

Markus BRAENDLEHead - AIRBUS CyberSecurity

Guillaume POUPARDDirector General - ANSSI

Jean-Noël DE GALZAINFounder & CEO; President HEXATRUST - Wallix Group

Dominique RISTORIDirector General for Energy - Commission européenne

Alex TAYLOREuropean Journalist -

THOMAS FILLAUD - Orange Cyberdéfense

Florian HAACKEChief Security Officer (CSO) - Innogy SE

ANDREAS KÖNENDirector of the IT-Security Department, - German Federal Ministry of the Interior

Employees and vendors with remote access to systems and privileged credentials are a prime target for cyber-attacks. A good defense-in-depth strategy addresses both access and credentials, while supporting business productivity and help meeting compliance mandates and regulations such as GDPR. Follow Bomgar’s six step-process for securing access pathways to your network and reducing risks related to privileged credentials. This is much more than a concept: learn more about two organizations who have been implemented, tested and validated this approach.

Mario MASSARDSr. Solutions Engineer, EMEA - BOMGAR

MC01

|Tuesday11:00 - 12:00|Master class

X

MC01

||Tuesday11:00 - 12:00|Espace Poster|Forum|

Master class :

The number of malware is growing extraordinarily fast. A malware may bring serious damage.
Thus, it is crucial to have efficient up-to-date virus detectors. A robust malware detection technique needs to check the behavior (not the syntax) of the program without executing it. We show in this talk how using behavior signatures allow to efficiently detect malwares in a completely static way. We applied our techniques to detect several viruses. Our tool was able to detect more than 800 viruses. Several of these viruses could not be detected by well-known anti-viruses such as Avira, Avast, Norton, Kaspersky and McAfee.

Tayssir TOUILICNRS senior researcher - CNRS

A01

|Tuesday11:30 - 13:00|Workshop

Cloud Computing: what will change with GDPR

X

A01

||Tuesday11:30 - 13:00|Pasteur|Forum|Legal issues

Workshop : Cloud Computing: what will change with GDPR

GDPR data protection also applies - and perhaps more so - to data stored in cloud subcontracted service providers. Traceability, portability, accountability, and incident response: these are the requirements that must be contractually met, the terms and conditions of which must comply with GDPR rules. Which data protection for the cloud? What levels of cooperation between service provider and beneficiary guarantee compliance? Which responsibilities should be shared in regard to notification? This is a workshop to get out... of the cloud!

Ransomware has been a staple of 2017: Wannacry, NotPetya etc. These cyber attacks, which combine attempts on data and extortion, have taken international and planetary dimensions due to the number of impacted countries and registered victims. In order to combat this scourge, which falls under cyber criminality, just before the final hurdle of cyber conflict, state action is necessary but not enough. International actors such as Interpol and Europol find their “raison d’être” in this fight but we must also imperatively develop public/private cooperation. "No more ransom", a website created by Dutch police along with Europol, Intel Security, Kapersky Lab and McAfee, is proof of the necessary mix of technical, legal and operational know-how.

SEBASTIEN GESTTechnical Evangelist - VADE SECURE

Jean Dominique NOLLET - European Cybercrime Centre, Europol

HENRI CODRON - CLUSIF

Paul FARIELLOSecurity Intelligence Product Leader - STORMSHIELD

MATHIEU SIMONIN - MELANI / ADMINISTRATION FEDERALE SUISSE

JULIAN GRISOLET - ANSSI (FRANCE)

A03

|Tuesday11:30 - 12:30|Workshop

How to link SOCs and crisis management

X

A03

||Tuesday11:30 - 12:30|Vauban|Forum|Cyber risks management

Workshop : How to link SOCs and crisis management

Traditionally, the SOC is in charge of network supervising, managing vulnerabilities, detecting and assessing security events, whereas the CSIRT takes care of emergency response, keeping watch and crisis management. In practice however, things are blurrier and there is often at least a partial overlap between both. Yet whichever organizational model is chosen, different processes will have to be coordinated. How should these different response levels be connected? Which escalation process should be used? At which point do we consider a crisis has risen? How do we guarantee the contextualizing of security events and their link with the “trades”? Which link between SOCs, CSIRTs and crisis cells? How do we guarantee the efficiency of the crisis management process?

The European Commission's digital strategy was published in May 2015. It aims to transform the 28 national markets into a single digital market that could generate € 415 billion a year and create hundreds of thousands of jobs. Comprising of 16 initiatives, this plan covers a variety of sectors including big data, copyrights, e-commerce etc. The "data" is central to all these issues, if only because of the RGDP and the "free flow of data" that should follow to impose the principle of free movement for non-personal data. Cybersecurity is just as central, as the "cyber act" provides for the harmonization of certification schemes and the creation of a real European cybersecurity agency. The challenge is huge if we want to avoid being confined to the lowest common denominator, especially in terms of security. How, for example, do we harmonize our certification schemes for security products without leveling things down? Should we also develop the "capacity building" role of the ENISA, or should we give it the operational capabilities to intervene in a crisis? How do we stimulate innovation, key to the development of a European digital industry? And how do we develop a real European cloud with or facing GAFAM more and more pointed at, both in Europe and the United States? An event organized with CyberTaskForce.

In the face of ever more complex and violent attacks likely to block or incapacitate IT systems and compromise an organization’s vital data, businesses must give themselves the means to react in case of a major crisis and respond to large scale incidents. Through BCPs and BRPs, they will need to plan for the reboot of their infrastructure and the reformatting of the necessary systems and applications in order to ensure a return to normalcy as quickly and painlessly as possible. With survival and resilience at stake, and in order to be efficient in the event of a crisis, these measures must, from their design, incorporate the specific needs of each business to allow them to respond to operational but also confidentiality, integrity, image and reputation requirements.

How do we harmonize our certification outlines to reconcile different requirement levels?

X

A06

||Tuesday11:30 - 13:00|Charles de Gaulle|Forum|

Workshop : How do we harmonize our certification outlines to reconcile different requirement levels?

In its September 2017 "Cyber Act" draft, the European Commission suggested harmonizing European certification outlines applicable to cyber security solutions but also to the cyber security of more generic solutions, such as connected objects. Ensuring consistency between outlines is essential to favoring the growth of one common digital market but it also entails reconciling different stakes and challenges. For example, how do we manage certification targets that vary according to the nature of the products and services concerned and the fields of application? How do we reconcile levels of requirements pertaining to simple documentation compliance and those pertaining to advanced technical certifications? Which governance should we implement to steer this new setup?

Cyber Threat Intelligence seems to be the new miracle remedy against the lopsided struggle between aggressor and defender. Based both on the analysis and characterization of past attacks and the direct monitoring of potential attackers, it can be used on an operational level to improve detection capacities, on a tactical level to adjust defense mechanisms, and on a strategic level to anticipate the evolution of threats and their impact on the organization. However, beyond theory and marketing strategies, what is Cyber Threat Intelligence’s real contribution in terms of security operations, problem solving and IT security governance? After all the promises and disillusionment, is CTI maturing?

Zahri YUNOSChief Operating Officer - CyberSecurity Malaysia

RAPHAËL ILLOUZPDG - NES

Alexandre PICARDHead of Cyber Threat Intelligence - AIRBUS

Paul DUBOURGCo-Founder & Problem Solver - MyCyberHub

BASSEM HAMDICyber Threat Intelligence Manager - CEIS

Bertrand GARE - L'INFORMATICIEN

A08

|Tuesday11:30 - 12:30|Workshop

Security by design, a new commercial and industrial imperative

X

A08

||Tuesday11:30 - 12:30|Matisse|Forum|Cyber risks management

Workshop : Security by design, a new commercial and industrial imperative

Innovation calls for speed. As soon as a new system or equipment is designed, it must be mechanized and commercialized without delay in order to meet business imperatives. In the race for cost-effectiveness, security is often overlooked. A number of flaws are detected after the product is put on the market. This conceptual imperfection is in the process of being resolved, firstly, by law: woe to those who do not develop data processing providing security in the design stages! The GDPR hands out heavy penalties but consumers could be even more demanding. Security by design: a competitive advantage?

Dominique BOLIGNANOPresident - PROVE & RUN

Valéry MARCHIVEDeputy Chief Editor - LeMagIT

Nicolas PIERSONCyberdefense expert - Ministère des Armées

JEAN-JACQUES CAMPSCIO - AIR LIQUIDE

BENOIT GEIMERNSX Senior System Engineer - VMWARE FRANCE SAS

A09

|Tuesday11:30 - 12:30|Workshop

Should Hack Back be authorized for private corporations?

X

A09

||Tuesday11:30 - 12:30|Rubens|Forum|Legal issues

Workshop : Should Hack Back be authorized for private corporations?

Hack back (or reverse hacking) is often mentioned as THE solution to the asymmetry between aggressor and defender in the digital world. Yet even though legitimate defense exists in international law, it must follow very strict legal regulation and, more importantly, can only be carried out by states. In the United States, a government bill is offering to institute a right to cyber self-defense for companies. Should we let companies, acting for themselves or on behalf of the state, run these types of offensive operations that could provide a deterrent despite the difficulties in handing out this responsibility? Should states, on the contrary, retain the monopoly in legitimate use of force to prevent risks of escalation? Which other “active” measures can we come up with?

Joanna KULESZAAssistant professor of international law - University of Lodz, Poland

The cognitive layer of the Internet spreads a lot of illicit content. With the emergence of radical Islam, violence, hate speech, calls to proselytizing are reaching record highs. How do we fight this destructive attempt on the mind, particularly among the youth? States have their role in adopting preventive and repressive measures but is it possible to reach any goal without the help of private actors, web hosts, report generators, internet access providers, search engines etc.? How do we facilitate cooperation? How do we best share responsibilities without restricting freedom of expression leading to generalized content monitoring?

Laurence BINDNERFounding partner, cyber intelligence expertise -

Christian AGHROUMCEO - SoCoA Sarl

François-Xavier MASSONHead of the French National Cyber Crime Unit - POLICE NATIONALE

Your SOC must protect your IT systems from known and unknown threats that can actually impact your business. Building a relevant and adapted monitoring plan is a must. We will present how to combine several security monitoring approaches to build your plan. From traditional rule-based system to machine learning algorithm including business data analysis, our demo will explain how to deploy a durable and efficient SOC step-by-step.

Cybersecurity policy has a major impact on buyers and suppliers of cybersecurity products and services. This holds for national policies from France, Germany, UK, US, China, etc, as well as for international cyber-policy from the EU, UN, WTO, ITU and NATO. Cybersecurity policy is driven by motivations such as resilience, international security, national sovereignty, global competitiveness, trade and innovation. Measures such as ICT security certification, public procurement, PPPs, tax incentives, and public R&I investment are of high industrial relevance, even if the notion of industrial policy is not always explicit in cybersecurity policy. Based on an international comparative study led by the University of California, Berkeley and with a main focus on EU policy, this masterclass will provide insight in the drivers and measures of cybersecurity industrial policy.

Paul TIMMERSVisiting Fellow / Former Director EC - OXFORD UNIVERSITY

TV02

|Tuesday12:00 - 12:30|TV Show

X

TV02

||Tuesday12:00 - 12:30|Plateau TV 01Net|Forum|

TV Show :

Astrid-Marie PIRSONUnderwritting manager - HISCOX

Olivier PANTALEO - PROVADYS

DT04

|Tuesday12:30 - 13:00|Technical demonstration

SCILLE : WHAT IF THE CLOUD BECOMES THE SAFEST PLACE FOR YOUR CONFIDENTIAL DATA ?

X

DT04

||Tuesday12:30 - 13:00|Solutions area|Forum|

Technical demonstration : SCILLE : WHAT IF THE CLOUD BECOMES THE SAFEST PLACE FOR YOUR CONFIDENTIAL DATA ?

You want to enjoy the convenience of the cloud while feeling safe and secure ? Parsec is the first open source solution allowing to share your confidential data in a cloud federation.
Together with the Bordeaux Computer Science Research Laboratory, Scille has developped Parsec, a leading-edge solution. Its security is integrated by design, and it is made to anticipate future needs, while remaining easy to use.
You will discover a software architecture based on Research concepts and algorithms, which ensure confidentiality, integrity, resilience and availability. At the time of GDPR,
Parsec is part of an overall thinking of corporate security.

Thierry LEBLONDPresident - SCILLE SAS

TV03

|Tuesday12:30 - 13:00|TV Show

X

TV03

||Tuesday12:30 - 13:00|Plateau TV 01Net|Forum|

TV Show :

Benoît GRUNEMWALDOperations Director - ESET

FT01

|Tuesday13:00 - 13:15|FIC Talk

OKTA : Plan for success with Identity through MFA !

X

FT01

||Tuesday13:00 - 13:15|Vauban|Forum|

FIC Talk : OKTA : Plan for success with Identity through MFA !

Are you deploying new cloud applications? Do you want your employees to access to all these apps from everywhere in a secure way?
Please join us and discover how Okta can help you to control and enforce the access to all your apps providing an intuitive and great user experience to all your employees.

Remi PENDINOSales Engineer, EMEA - Okta

MC03

|Tuesday13:00 - 14:00|Master class

Information Warfare and Hacking Democracy

X

MC03

||Tuesday13:00 - 14:00|Espace Poster|Forum|

Master class : Information Warfare and Hacking Democracy

Events of recent years have shown to what extent cyber-means can be employed to engage in wide-scale Information Warfare activities. Democracies have shown to be far from immune to strategic covert influencing campaigns by unfriendly states, and haven been shaken both by direct attacks on their technical electoral systems as well as indirect attacks on public opinion and preference setting. The present trend towards "hacking democracy" poses a fundamental threat, not only by casting doubt on the activity of the media and civil society or even by weakening the trust in the institutions of public life, but by threatening to cast all information as a "weapon" – effectively making free speech impossible.
This Masterclass will introduce a basic framework for understanding covert influencing, and will apply it to recent political events in liberal democracies. It will also discuss the direct vulnerability of electoral systems to cyber-attack, and provide recommendations on how to secure them.

How to solve Security Departments’ current toughest dilemmas?
How to turn Security from the Department of No to the Department of Yes?
How to accelerate your digital transformation securely?
How to keep personal information personal?
Nowadays, Security is regularly cited as the No. 1 board priority for enterprises and governments around the world. Highly publicized attacks and incidents on the global stage have clearly demonstrated that the wrong security and cyber risk strategy can result in loss of revenue and market capital.
To help organizations address those issues, DXC.TECHNOLOGY has developed a robust cyber security reference architecture based on hundreds of engagements, spanning thousands of hours deploying security transformation programs for many of the world’s largest organizations. This future-proof methodology enables our clients to improve their security posture as to modernize and to digitally transform their enterprise in an efficient way.

External perimeter security remains a pillar of any defense, security and confidence policy. However, and for a long time, we have witnessed a proliferation of users, devices, and objects connecting to the internal network of a company, an university, an administration ... Thus attacks coming from the inside are less detected and may in some cases spread over long periods of time. Fortunately, it exists some technologies that can fight and respond to these attacks. These solutions range from the infrastructure, to the access control and behavioral analysis. Let's take a look at how to have a coherent and comprehensive approach to strengthen the internal perimeter of the network.

Cyber-attacks are making cyberspace an increasingly hostile environment for organizations. Despite having security solutions in place, defending against breaches is becoming more and more difficult, as recent cyber-attacks such as WannaCry have shown.
A New technology has emerged and help organizations to assess the effectiveness of security procedures, infrastructure, vulnerabilities and techniques by using breach and attack simulation technologies.
This technology allows organizations to test their security assumptions, identify possible security gaps and receive actionable insights to improve their security posture.

Avihai BEN-YOSSEFCo-Founder & CTO - CYMULATE Ltd.

FT04

|Tuesday14:00 - 14:15|FIC Talk

IBM

X

FT04

||Tuesday14:00 - 14:15|Vauban|Forum|

FIC Talk : IBM

Where do we stand today in Quantum computing ? In which term will the Quantum computing become a reality for our information systems ? Which are the first cases of use at IBM and in which fields will the Quantum computing modify our approaches in cybersecurity ? Lastly, which benefits will the cybersecurity draw from this technological revolution?

Bots are the most complicated threat to your business: One of the most harmful and costly activities these malicious bots engage in is credential stuffing, which can affect any organization with a login page on its website. But how do you distinguish between good bots and bad bots? What’s the financial impact of bad bots on your business? How do you keep your visitors’ credentials safe while still promoting the success of your site?

At Naval Group, cyber security is a must-have that is taken into account in our internal infrastructure, our portfolio, our processes and our business model. We will review what it means in terms of business model and company culture.
We will also share with you our expectations and somehow our frustration towards the market and how this market meets our priority needs – and how it sometimes doesn’t.
This conference will be an occasion for us to exchange about how to develop and nurture true cyber security ecosystems between system integrators and suppliers in order to structure a given vertical market.

JEAN-MICHEL OROZCOSenior Vice President CyberSecurity - NAVAL GROUP

C03

|Tuesday14:15 - 15:00|Conference

OVH - GDPR compliance in 3 clicks

X

C03

||Tuesday14:15 - 15:00|Pasteur|Forum|

Conference : OVH - GDPR compliance in 3 clicks

GDPR redefines organizations' responsibility for the processing of personal data and creates a demonstrable chain of trust between the controller and the concerned citizens. Choice of services, operational responsibilities, risk sharing, compliance with legal obligations: discover our approach to migrate your data processing in the cloud, compliant in 3 clicks.

JULIEN LEVRARD - OVH

FLORENT GASTAUDData Protection Officer - OVH

C04

|Tuesday14:15 - 15:00|Conference

Threat Intelligence and reverse, knowledge and follow-up of the threat

X

C04

||Tuesday14:15 - 15:00|Eurotop|Forum|

Conference : Threat Intelligence and reverse, knowledge and follow-up of the threat

Our threat Intelligence and reverse engineering teams from Airbus CyberSecurity introduce their methods to prevent the threat : from hunting in the wild to profiling the attacker.
How our teams work together to perform technical analysis, capitalize and disseminate information.

Grégory BAUDEAUExpert - Technical Leader CTI team - AIRBUS

ALEXANDRE BUIRETTE-CARLEReverse Engineer - AIRBUS CYBERSECURITY

JULIEN MENISSEZProduct Manager, CISSP - AIRBUS

C05

|Tuesday14:15 - 15:00|Conference

F-Secure - Red teaming: The value of testing your security by breaking in

With international corporations and organizations depending on their departments, third party service providers and cloud based services, criminals have caught up in attacking the infrastructure and the users of outsourced services. Organizations want and need a way of measuring their security maturity and want to test their resilience against targeted attacks. Be it on the network, physically and anything in between. Tom Van de Wiele will talk about how our red teams get into companies along with examples of past cases. Some of the trends that come with untested or outsourced security (or the lack there of) will be discussed as well as what convergence is required between technology products, training and processes.

CERTILIENCE - Guarantee the security of your IS through continued control of the maintenence

X

DT06

||Tuesday14:30 - 15:00|Solutions area|Forum|

Technical demonstration : CERTILIENCE - Guarantee the security of your IS through continued control of the maintenence

Certilence auditor feedback: our experts analyse the problems encountered in 2017, and then explain in detail the penetration methods used by our company hackers. They will present the new techniques which have allowed our hackers to take control of information systems, and will then demonstrate the best strategies for preventing malicious hacking of
your own IS.
Through years of experience, our Certilence experts have developed evolutive methodologies adapted to the specifics of each environment.

With new technologies, the evolution of networks and digitizing services, our cities (and our buildings) are becoming more and more sophisticated. New and innovative services can help us make our cities cleaner, safer, more sustainable and more efficient while providing support and assistance to citizens. For example, some cities have already used aggregated data collected from multiple connected devices to analyze traffic on the roads to identify hazards, identify individuals or adjust the brightness of lamps according to the size of the car parks or the number of cars parked there.
Driven by administrative, political and commercial pressure, these technologies are deployed quickly without any real risk control and analysis of threat on privacy that they may represent.
In a context where we are increasingly aware of the problem of protecting our personal data online, are we aware of all threats related to the collection, storage and processing of our personal data by our cities or by some companies mandated by the administration? Should we be worried? What are the processes and techniques that should protect us? Can we fear the nightmare scenario of a compromised smart city where attackers could take control of vital organs?

Cyber-resilience has been a mainly theoretical topic for years, but in just a few hours on June, 27th 2017 it turned into a matter of survival addressed at board level. Wavestone has been at the heart of the crisis management and incident response on several destructive cyber attacks attributed to the NotPetya malware. Come experience the first hours of the crisis as if you were there! We will be sharing our lessons learned the hard way from the field about how to manage an operation of this magnitude and how to build an operational cyber-resilience strategy that works.

Our missions about audits on the scope of the industrial IS, led us to carry out actions of sensitization, security and supervision with the trades while considering their constraints and their contexts.
Ineo's "Security Expedition" audit methodology revolves around:
Organizational audit: verifications of existing processes and procedures, control of compliance level, etc.
Technical audit: record of information on machines and PLCs, analysis of network traffic, etc.
Recommendations: short and long term action plans, level of compliance, etc.
Our conference will report through feedback, our approach to cybersecurity in the service trades.

How to expose the hardest-to-detect cyberthreats when real-time cybersecurity supervision and threat intelligence are not enough? Thales explains how Big Data technologies can track down sophisticated APTs by harvesting forensic evidence from thousands of computers and servers, changing the ground rules for analysing indicators of compromise as well as making information system health assessments easier and significantly improving attack detection.

PIERRE ANSELCyber security Director - Thales

C08

|Tuesday15:30 - 16:15|Conference

Trend Micro - 2020: Connected Intelligence

X

C08

||Tuesday15:30 - 16:15|Van Gogh|Forum|

Conference : Trend Micro - 2020: Connected Intelligence

In 2020, 20 billion physical, virtual or Cloud systems will be connected and the wider network will be located at the confluence of IT, OT and IOT worlds. The global context of security will then evolve, as the attack surface will no longer be under control and the information stream far above the thresholds of what we are currently able to handle. However such tremendous changes can be turned into our advantage, as each of these objects can embed artificial intelligence, which efficiency increases together with the amount of data used for training. An evolution which can finally be considered as an opportunity to take the lead on security, for the first time in 30 years...

Cogiceo is an independent IT security consulting company. We developed a tool aimed at automatically analysing Microsoft Active Directory domains. It is a secure, universal, non-intrusive and lightweight data gathering and crunching solution. The solution involves no software installation nor opening any additional network streams.
Using this tool, our experts gather within a few hours relevant technical indicators to perform an analysis of the overall security level of your domain.
This fine analysis makes it possible to highlight specific details of any discovered security vulnerabilities. Moreover, the tool can expose possible compromision paths within the domain.

Ransomware attacks such as WannaCry, Petya and targeted APTs keep security under pressure. After the rise of Next-Gen network technologies, Next-Gen Endpoint solutions emerge, implementing anti-exploit technologies, Machine Learning and Deep Learning. We will present the latest threats, then the innovative Next-Gen protection approaches, illustrating them through the technologies derived from the acquisition and integration of Invincea in Sophos Intercept X and the dynamic synchronization of Endpoint and Network protections offered by Sophos.

LAURENT GENTIL - SOPHOS

MICHEL LANASPEZE - SOPHOS

FT08

|Tuesday16:00 - 16:15|FIC Talk

Blackberry - Turning the tables on the cyber criminals targeting enterprises and government organisations

This insight-led session will show how the possibility and promise of the Internet of Things overshadows the omnipresent threats that many connected computers, servers and mobile devices in an academic environment pose in an always-on array of vulnerable points. As the role of data grows, and with the oncoming GDPR juggernaut, it’s only by looking at the world of information and security differently can business leaders everywhere face up to their responsibilities to capture, manage and store their data safely and securely.
BlackBerry’s Cyber Security Experts will share their experiences on the deployment of ethical hacking as a technique for defending enterprises and government organisations.

The year 2016 marked a historic watershed: the secret digital activities of two of the main military and digital powers in the world were brought out publicly. On the one hand, in the middle of summer 2016, hackers calling themselves the Shadow Brokers chose to announce that they had stolen several cyberweapons belonging to the Equa on Group and published evidence of the link between the Equa on Group and the NSA. On the other hand, Wing and online publica on by WikiLeaks of documents from the United States Democra c Party marked the beginning of a series of events that eventually brought the cyber ac vi es of the Federal Security Service of the Russian Federa on (FSB) and the Main Intelligence Agency (GRU), two Russian intelligence services, out into the open. These cyber operations and their consequences rise several legal questions both regarding the limitation to the proliferation of cyberweapons and the law of State responsibility. These are the two subjects that will be developed by the speakers during this masterclass.

François DELERUE - IRSEM / CHAIRE CASTEX / SCIENCES PO PARIS

Aude GERY - CHAIRE CASTEX DE CYBERSTRATEGIE

DT09

|Tuesday16:30 - 17:00|Technical demonstration

QUALYS - Agile, rapid app development and deployment must be secure. Qualys adds “Sec” to “DevOps”

Discover Cyberwatch, the 100% French Vulnerabilities Analysis and Monitoring software that helps companies to improve their security day to day.
This multiplatform application (Windows/Linux) can be deployed quickly agent-based or agentless in your network, to manage continuously your vulnerabilities (24h/24 & 7d/7).
Cyberwatch fits to your environment (external IT Hosting, WSUS, internal security policies...) and provides tools adapted to Maintain your system in secure conditions.
Cyberwatch generates operational reports with a pertinent information, based on the severity of your vulnerabilities, the importance of your machines, and the existence of public exploits.